Monitoring BIND9

The goal here is to monitor DNS servers running BIND version 9 and graph the various statistics that it records about itself. The statistics will be made available to the Net-SNMP daemon by a script. From there, the data can be polled by whatever NMS you choose to use.


Getting Stats from BIND

BIND stores a number of statistics internally. In earlier versions of BIND there were only a handful of statistics available. In more recent versions (9.6 and newer), there are some very detailed statistics present. To retrieve stats, issue the rndc stats command. This will instruct BIND to dump the stats to the statistics-file as configured in named.conf.

I’ve created one set of scripts for each file format. There is a single script for BIND 9.4. It gets called directly by Net-SNMP where it will tell BIND to write its stats to disk (by using rndc). The script will then parse out the specific statistic that Net-SNMP asked it for. For BIND 9.6 and newer, there are two scripts. The first script is meant to run from cron where it will dig through the statistics file for the most recently saved statistics. It writes those stats to a second file in a machine parsable format. The second script is then called by Net-SNMP where it will fetch the requested statistic from the machine parsable file.

The crontab entry for the BIND 9.6+ script should look something like this:

The script reads the statistics file on stdin and will write its output to stdout. Make sure that wherever you direct the output of the script to is readable by the user that the Net-SNMP daemon runs as. Also make sure you adjust the bind96-stats-get.sh script to read from this same file.
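The cron-side step described above, as an added example that is not the author's script: it reads a BIND 9.6+ statistics file on stdin, keeps only the newest dump that has its closing footer (the file gains a new dump on every rndc stats run), and prints one key=value line per counter. The key=value format, the function names and the sample data are assumptions; the keys are modelled on names such as outgoing_queries+internet_view:a.

```shell
#!/bin/sh
# Added example (not the author's script): reduce an append-only BIND 9.6+
# statistics file to key=value lines for the newest complete dump.

# Constructed sample: one finished dump, a newer finished dump, and a dump
# that was still being written when the file was read.
sample_stats() {
cat <<'EOF'
+++ Statistics Dump +++ (1700000000)
++ Incoming Queries ++
                  40 A
--- Statistics Dump --- (1700000000)
+++ Statistics Dump +++ (1700000300)
++ Incoming Queries ++
                  55 A
++ Name Server Statistics ++
                  67 IPv4 requests received
++ Outgoing Queries ++
[View: internet_view]
                   9 A
--- Statistics Dump --- (1700000300)
+++ Statistics Dump +++ (1700000600)
++ Incoming Queries ++
                  61 A
EOF
}

# stdin: statistics file; stdout: section[+view]:counter=value (assumed format)
latest_stats() {
awk '
function norm(s) { gsub(/[^A-Za-z0-9]+/, "_", s); sub(/^_+/, "", s); sub(/_+$/, "", s); return tolower(s) }
/^\+\+\+ Statistics Dump \+\+\+/ { n = 0; sec = ""; view = ""; next }  # header: start a new dump
/^--- Statistics Dump ---/ { kept = n; for (i = 1; i <= n; i++) out[i] = buf[i]; next }  # footer: commit it
/^\+\+ .* \+\+$/ { sec = norm($0); view = ""; next }                   # section heading
/^\[View: / { view = $0; sub(/^\[View: /, "", view); sub(/\].*$/, "", view)
              gsub(/[^A-Za-z0-9_.-]/, "_", view); view = "+" view; next }
/^\[/ { view = ""; next }                                              # [Common] etc.: no view suffix
/^ *[0-9]+ / { name = $0; sub(/^ *[0-9]+ +/, "", name); buf[++n] = sec view ":" norm(name) "=" $1 }
END { for (i = 1; i <= kept; i++) print out[i] }                       # unfinished trailing dump is dropped
'
}

# stdin: latest_stats output; prints the value for one key, fails if it is absent
get_stat() {
awk -F= -v key="$1" '$1 == key { print $2; found = 1 } END { exit !found }'
}
```

Because a dump is committed only when its footer line is seen, a read that races with rndc stats returns the previous complete dump instead of partial counters.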

Serving Stats via SNMP

Since the goal is to use SNMP to monitor the DNS server, the data in the statistics file must be made available via SNMP. The Net-SNMP SNMP daemon allows for data to be retrieved using local shell scripts or programs. The data retrieved from these scripts is made available under the .1.3.6.1.4.1.2021.8.1 MIB table. More information on how this works is available in the snmpd.conf manual page (look for the exec keyword).

The first line will return the number of successful queries, the second the number of failed. The /var/net-snmp/bind94.sh shell script has the task of taking data from BIND’s statistics file and passing it to the SNMP daemon. The script is available here: bind94.sh.

A fellow network person who read this page contributed a second version of the script which will also return stats for “referral”, “nxrrset”, “nxdomain”, etc, queries. That script is here: bind94v2.sh. This script is called with the desired query type as its argument, e.g.:

Statistics such as outgoing_queries+internet_view:a are related to a particular view (in this case, a view called internet_view). Everything else is either related to the default view or is a global statistic.

Once snmpd.conf is updated and snmpd is restarted, a walk of the .1.3.6.1.4.1.2021.8.1 MIB will show the script in action.

Author: Joel Knight
Pulls out a certain statistic from the machine parsable file. Make sure you edit this script and tell it where that parsable file is located.

$ bind96-stats-get.sh <statistic>

Notes

Be aware that when rndc stats is run, the statistics file isn’t overwritten; it’s appended to. This means the file will keep growing once you start using these scripts. To keep its size in check, add a weekly cron job to delete the file, or use your system’s log rotation utility to rotate or trim it.

As explained in the snmpd.conf manpage, when snmpd runs external commands such as bind94.sh, it caches the results in the file /var/net-snmp/.snmp-exec-cache. This file must be writable by the user that snmpd runs as, or else snmpd will not return the output from the external script being run.